← Back to CVEs
CVE-2017-7686
N/ADescription
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
CVE Details
CVSS v3.1 ScoreN/A
Published6/28/2017
Last Modified4/20/2025
Sourcenvd
Honeypot Sightings0
Affected Products
apache:ignite
Weaknesses (CWE)
CWE-200
References
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html(security@apache.org)
http://www.securityfocus.com/bid/99292(security@apache.org)
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/99292(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.